diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/acl/AppsmithRole.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/acl/AppsmithRole.java index 079ff36799..d1a80ec2fc 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/acl/AppsmithRole.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/acl/AppsmithRole.java @@ -23,7 +23,12 @@ public enum AppsmithRole { Set.of(MANAGE_ORGANIZATIONS, ORGANIZATION_INVITE_USERS)), ORGANIZATION_DEVELOPER("Developer", "Can edit and view applications along with inviting other users to the organization", Set.of(READ_ORGANIZATIONS, ORGANIZATION_MANAGE_APPLICATIONS, ORGANIZATION_READ_APPLICATIONS, ORGANIZATION_PUBLISH_APPLICATIONS, ORGANIZATION_INVITE_USERS)), - ORGANIZATION_VIEWER("App Viewer", "Can only view applications", Set.of(READ_ORGANIZATIONS, ORGANIZATION_READ_APPLICATIONS)); + ORGANIZATION_VIEWER( + "App Viewer", + "Can view applications and invite other users to view applications", + Set.of(READ_ORGANIZATIONS, ORGANIZATION_READ_APPLICATIONS, ORGANIZATION_INVITE_USERS) + ), + ; private Set permissions; private String name; diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/migrations/DatabaseChangelog.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/migrations/DatabaseChangelog.java index bfe7d2a9ec..1d9b342798 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/migrations/DatabaseChangelog.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/migrations/DatabaseChangelog.java @@ -26,11 +26,13 @@ import com.appsmith.server.domains.Plugin; import com.appsmith.server.domains.PluginType; import com.appsmith.server.domains.QApplication; import com.appsmith.server.domains.QDatasource; +import com.appsmith.server.domains.QOrganization; import com.appsmith.server.domains.QPlugin; import com.appsmith.server.domains.Role; import com.appsmith.server.domains.Sequence; import com.appsmith.server.domains.User; import com.appsmith.server.domains.UserData; +import com.appsmith.server.domains.UserRole; import com.appsmith.server.dtos.ActionDTO; import com.appsmith.server.dtos.DslActionDTO; import com.appsmith.server.dtos.OrganizationPluginStatus; @@ -60,6 +62,7 @@ import org.springframework.data.mongodb.core.index.CompoundIndexDefinition; import org.springframework.data.mongodb.core.index.Index; import org.springframework.data.mongodb.core.index.IndexOperations; import org.springframework.data.mongodb.core.query.Criteria; +import org.springframework.data.mongodb.core.query.Update; import org.springframework.util.CollectionUtils; import org.springframework.util.StreamUtils; @@ -1637,4 +1640,30 @@ public class DatabaseChangelog { installPluginToAllOrganizations(mongoTemplate, plugin.getId()); } + + @ChangeSet(order = "052", id = "add-app-viewer-invite-policy", author = "") + public void addAppViewerInvitePolicy(MongoTemplate mongoTemplate) { + final List organizations = mongoTemplate.find( + query(new Criteria().andOperator( + where(fieldName(QOrganization.organization.userRoles) + ".role").is(AppsmithRole.ORGANIZATION_VIEWER.name()) + )), + Organization.class + ); + + for (final Organization org : organizations) { + final Set viewers = org.getUserRoles().stream() + .filter(role -> AppsmithRole.ORGANIZATION_VIEWER == role.getRole()) + .map(UserRole::getUsername) + .collect(Collectors.toSet()); + mongoTemplate.updateFirst( + query(new Criteria().andOperator( + where(fieldName(QOrganization.organization.id)).is(org.getId()), + where(fieldName(QOrganization.organization.policies) + ".permission").is(ORGANIZATION_INVITE_USERS.getValue()) + )), + new Update().addToSet("policies.$.users").each(viewers.toArray()), + Organization.class + ); + } + + } }